CentOS Icon CentOS Logo
CentOS Text
   
  
www.centos.org Forum Index
   CentOS 5 - General Support
  Translate /etc/sudoers from Ubuntu to CentOS

 

 Bottom   Previous Topic   Next Topic
  •  Rate Thread
      Rate this Thread
      Excellent
      Good
      Average
      Bad
      Terrible
Poster Thread
  •  jonaskellens
      jonaskellens
Translate /etc/sudoers from Ubuntu to CentOS
#1
Peeking in the Member Window
Joined: 2009/3/20
From Ghent, Belgium
Posts: 25
I'm following this guide : http://blog.nicolargo.com/2008/10/superviser-asterisk-dans-nagios-grace-a-nagisk.html
to monitor SIP-connections on an Asterisk-server with Nagios.

At some point the author mentions adding the following line to /etc/sudoers :
nagios    ALL= NOPASSWD: /usr/sbin/asterisk


I can not do this in CentOS and when trying to monitor SIP-connections I get the following output :
[root@nagios ~]# /usr/local/nagios/libexec/check_nrpe -H ip_address -c check_asterisk_peers
NRPE: Unable to read output


I think the NRPE-plugin on my Asterisk-server has not enough rights to interrogate Asterisk about its SIP-connections.

What is the equivalent of /etc/sudoers in CentOS ???

These are the rights of the check_nrpe on the Nagios Server :
[root@nagios ~]# ls -l /usr/local/nagios/libexec/check_nrpe
-rwxrwxr-x 1 nagios nagios 58017 Oct 31 11:40 /usr/local/nagios/libexec/check_nrpe

These are the rights of the plugin that questions about the SIP-peers on the Asterisk-server :
bash-3.2# ls -l /usr/local/nagios/libexec/nagisk.pl
-rwxr-x--- 1 nagios nagios 4163 Nov  2 17:12 /usr/local/nagios/libexec/nagisk.pl

The NRPE-plugin on the Asterisk-server is part of the Xinetd-proces.

Asterisk himself is currently running as the root-user.
Posted on: 2009/11/3 19:40
Create PDF from Post Print
Top
  •  pschaff
      pschaff
Re: Translate /etc/sudoers from Ubuntu to CentOS
#2
Moderator
Joined: 2006/12/13
From Tidewater Virginia, North America
Posts: 3404
To answer your direct question see "man visudo"; however, if root can't run the command sudo is probably not going to help.
_________________
Phil
Required reading: FAQ & Readme first ; Search hint: google "your topic site:centos.org"; Smart Questions
Posted on: 2009/11/3 19:51
Create PDF from Post Print
Top
  •  jonaskellens
      jonaskellens
Re: Translate /etc/sudoers from Ubuntu to CentOS
#3
Peeking in the Member Window
Joined: 2009/3/20
From Ghent, Belgium
Posts: 25
Quote:

pschaff wrote:
To answer your direct question see "man visudo"; however, if root can't run the command sudo is probably not going to help.


Root can run the command :

bash-3.2# whoami
root
bash-3.2# /usr/local/nagios/libexec/nagisk.pl -c version
Asterisk 1.4.25.1 built by root @ vps.domain.tld on a x86_64 running Linux on 2009-08-21 09:19:56 UTC
bash-3.2# su nagios
[nagios@vps]$ whoami
nagios
[nagios@vps]$ /usr/local/nagios/libexec/nagisk.pl -c version
[nagios@vps]$


It's the nagios-user that can not run the command.

Changing the rights of nagisk.pl to root does not help
[nagios@vps]$ /usr/local/nagios/libexec/nagisk.pl -c version
bash: /usr/local/nagios/libexec/nagisk.pl: Permission denied


And on the monitoring Nagios-server :
[root@nagios ~]# /usr/local/nagios/libexec/check_nrpe -H ip_asterisk -c check_asterisk_peers
NRPE: Unable to read output
[root@nagios ~]# su nagios
[nagios@nagios]$ /usr/local/nagios/libexec/check_nrpe -H ip_asterisk -c check_asterisk_peers
NRPE: Unable to read output


It's the NRPE-pluging that needs to be able to run as root-user, I think.

bash-3.2# cat /etc/xinetd.d/nrpe 
# default: on
# description: NRPE (Nagios Remote Plugin Executor)
service nrpe
{
       	flags           = REUSE
        socket_type     = stream    
	port		= 5666    
       	wait            = no
        user            = nagios
	group		= nagios
       	server          = /usr/local/nagios/bin/nrpe
        server_args     = -c /usr/local/nagios/etc/nrpe.cfg --inetd
       	log_on_failure  += USERID
        disable         = no
	only_from       = 127.0.0.1 ip_nagios
}


Would it be safe to change the user ???

BY the way :
bash-3.2# man visudo
No manual entry for visudo
Posted on: 2009/11/4 8:36
Create PDF from Post Print
Top
  •  AlanBartlett
      AlanBartlett
Re: Translate /etc/sudoers from Ubuntu to CentOS
#4
Professional Board Member
Joined: 2007/10/22
From ~/Earth/UK/England/Suffolk
Posts: 4294
Quote:

bash-3.2# man visudo
No manual entry for visudo

That's odd. 

$ locate visudo
/usr/sbin/visudo
/usr/share/doc/sudo-1.6.9p17/visudo.pod
/usr/share/man/man8/visudo.8.gz
$ rpm -qf /usr/sbin/visudo
sudo-1.6.9p17-5.el5
$ rpm -ql sudo
/etc/pam.d/sudo
/etc/pam.d/sudo-i
/etc/sudoers
/usr/bin/sudo
/usr/bin/sudoedit
/usr/libexec/sudo_noexec.so
/usr/sbin/visudo
/usr/share/doc/sudo-1.6.9p17
/usr/share/doc/sudo-1.6.9p17/BUGS
/usr/share/doc/sudo-1.6.9p17/CHANGES
/usr/share/doc/sudo-1.6.9p17/HISTORY
/usr/share/doc/sudo-1.6.9p17/LICENSE
/usr/share/doc/sudo-1.6.9p17/README
/usr/share/doc/sudo-1.6.9p17/README.LDAP
/usr/share/doc/sudo-1.6.9p17/TROUBLESHOOTING
/usr/share/doc/sudo-1.6.9p17/UPGRADE
/usr/share/doc/sudo-1.6.9p17/sample.pam
/usr/share/doc/sudo-1.6.9p17/sample.sudoers
/usr/share/doc/sudo-1.6.9p17/sample.syslog.conf
/usr/share/doc/sudo-1.6.9p17/schema.OpenLDAP
/usr/share/doc/sudo-1.6.9p17/schema.iPlanet
/usr/share/doc/sudo-1.6.9p17/sudo.pod
/usr/share/doc/sudo-1.6.9p17/sudoers.pod
/usr/share/doc/sudo-1.6.9p17/sudoers2ldif
/usr/share/doc/sudo-1.6.9p17/visudo.pod
/usr/share/man/man5/sudoers.5.gz
/usr/share/man/man8/sudo.8.gz
/usr/share/man/man8/sudoedit.8.gz
/usr/share/man/man8/visudo.8.gz
/var/run/sudo
$
_________________
Alan.

100% CentOS, Linux & Unix. Co-founder of ELRepo.
Posted on: 2009/11/4 10:34
Create PDF from Post Print
Top
  •  jonaskellens
      jonaskellens
Re: Translate /etc/sudoers from Ubuntu to CentOS
#5
Peeking in the Member Window
Joined: 2009/3/20
From Ghent, Belgium
Posts: 25
The sudo-package is not installed. The whole time I was looking for visudo.

Is visudo commenly used on CentOS/Fedora/RedHat ??

Always thought sudo was something for Debian-based.

And there's no other way than installing the sudo-package ?
Posted on: 2009/11/4 13:14
Create PDF from Post Print
Top
  •  pschaff
      pschaff
Re: Translate /etc/sudoers from Ubuntu to CentOS
#6
Moderator
Joined: 2006/12/13
From Tidewater Virginia, North America
Posts: 3404
No other way to use sudo certainly. It is used routinely on CentOS/RHEL.

Another way to do what you want to do? Maybe - I'm still not clear on what your underlying issues are, but then I don't use Nagios, nor Asterisk, nor speak French to understand the procedure you linked.
_________________
Phil
Required reading: FAQ & Readme first ; Search hint: google "your topic site:centos.org"; Smart Questions
Posted on: 2009/11/4 13:51
Create PDF from Post Print
Top
  •  jonaskellens
      jonaskellens
Re: Translate /etc/sudoers from Ubuntu to CentOS
#7
Peeking in the Member Window
Joined: 2009/3/20
From Ghent, Belgium
Posts: 25
Well I don't speak French either, I speak Dutch. But I understand about six languages . It's the only tutorial that I came across.

NRPE is a Nagios-plugin to monitor services on a remote client.
It is running as xinetd-service.
I don't know if giving such a process root-privileges will make my server less secure ?
Posted on: 2009/11/4 14:02
Create PDF from Post Print
Top
  •  scottro
      scottro
Re: Translate /etc/sudoers from Ubuntu to CentOS
#8
Professional Board Member
Joined: 2007/9/3
From NYC
Posts: 666
Have you seen http://www.maxsworld.org/index.php/how-tos/nrpe

I'm not sure if it will solve your issues or not, but it is CentOS specific.

Sudo isn't Debian. What Ubuntu (not Debian) has done is follow Mac OS X, pretty much eliminating the root account and having sudo do everything. Fedora seems headed in that direction as well.

Distributions that assume their users have more experience (at least, this is how it seems to me), certainly also use sudo, but some, like CentOS, have different paths for users and root. I have a page on this at http://home.roadrunner.com/~computertaijutsu/rhpath.html

Hope that at least some of this helps a bit, but I'm not sure it will.
Posted on: 2009/11/4 17:14
Create PDF from Post Print
Top
  •  jonaskellens
      jonaskellens
Re: Translate /etc/sudoers from Ubuntu to CentOS
#9
Peeking in the Member Window
Joined: 2009/3/20
From Ghent, Belgium
Posts: 25
Thank you for the link. It brings no new info for me.
It's really the combination of NRPE without root-privileges that has to check a service which runs as root.

It's time I learn to sudo I guess.

What is the best solution :

# visudo -f /etc/sudoers
--snip--
nagios ALL= (root) NOPASSWD: /usr/local/nagios/libexec/nagisk.pl
--snip--
Turn of requiretty, because it will run without a console
--snip--
#Defaults    requiretty
--snip--


OR :

# visudo -f /etc/sudoers
--snip--
nagios    ALL= NOPASSWD: /usr/sbin/asterisk
Posted on: 2009/11/5 8:30
Create PDF from Post Print
Top
 Top   Previous Topic   Next Topic

 

 You cannot start a new topic.
 You can view topic.
 You cannot reply to posts.
 You cannot edit your posts.
 You cannot delete your posts.
 You cannot add new polls.
 You cannot vote in polls.
 You cannot attach files to posts.
 You cannot post without approval.




"Linux" is a registered trademark of Linus Torvalds. | All other trademarks are property of their respective owners. | All other content is Copyright @ 2004-2009 by the CentOS Project or "each individual contributor (forums, comments, etc.) unless otherwise assigned".| Theme based on a theme by 7dana.com